Differential attack on nine rounds of the SEED block cipher

The SEED block cipher has a 128-bit block length, a 128-bit user key and a total number of 16 rounds. It is an ISO international standard. In this letter, we describe two 7-round differentials with a trivially larger probability than the best previously known one on SEED, and present a differential cryptanalysis attack on a 9-round reduced version of SEED. The attack requires a memory of 2^69.71 bytes, and has a time complexity of 2^126.36 encryptions with a success probability of 99.9% when using 2¹²⁵ chosen plaintexts, or a time complexity of 2^125.36 encryptions with a success probability of 97.8% when using 2¹²⁴ chosen plaintexts. Our result is better than any previously published cryptanalytic results on SEED in terms of the numbers of attacked rounds, and it suggests for the first time that the safety margin of SEED decreases below half of the number of rounds.     

Is the Data Encryption Standard a group? (Results of cycling experiments on DES)

The Data Encryption Standard (DES) defines an indexed set of permutations acting on the message space ={0,1}⁶⁴. If this set of permutations were closed under functional composition, then the two most popular proposals for strengthening DES through multiple encryption would be equivalent to single encryption. Moreover, DES would be vulnerable to a known-plaintext attack that runs in 2²⁸ steps on the average. It is unknown in the open literature whether or not DES has this weakness.Two statistical tests are presented for determining if an indexed set of permutations acting on a finite message space forms a group under functional composition. The first test is a meet-in-the-middle algorithm which uses O(K) time and space, where K is the size of the key space. The second test, a novel cycling algorithm, uses the same amount of time but only a small constant amount of space. Each test yields a known-plaintext attack against any finite, deterministic cryptosystem that generates a small group.The cycling closure test takes a pseudorandom walk in the message space until a cycle is detected. For each step of the pseudorandom walk, the previous ciphertext is encrypted under a key chosen by a pseudorandom function of the previous ciphertext. Results of the test are asymmetrical: long cycles are overwhelming evidence that the set of permutations is not a group; short cycles are strong evidence that the set of permutations has a structure different from that expected from a set of randomly chosen permutations.Using a combination of software and special-purpose hardware, the cycling closure test was applied to DES. Experiments show, with overwhelming confidence, that DES is not a group. Additional tests confirm that DES is free of certain other gross algebraic weaknesses. But one experiment discovered fixed points of the so-called weak-key transformations, thereby revealing a previously unpublished additional weakness of the weak keys.Support for this research was provided in part by the National Science Foundation under contract number MCS-8006938 and by the International Business Machines Corporation.     

THE SEARCH FOR THE KEY BOOK TO NICHOLAS TRIST'S BOOK CIPHERS

Abstract

This article presents the evolution of the Arabic cryptologic treatises discovered in Istanbul's Süleymaniye library, linking its various phases to the greater bureaucratic trends of the regimes which produced these treatises.     

ENIGMA AND FRIENDS EXHIBIT BLETCHLEY PARK EXHIBIT OPENS

The contents of three cryptology courses taught at Kean College of New Jersey are discussed.     

分布式密码的体系结构和研究内容

通过分析分布式密码各部分的历史渊源和相互联系,给出了分布式密码的体系结构,并对系统模型进行了较为完整的描述。结合密码学研究的基本思路和分布式密码的现状,指出了分布式密码的研究内容。     

THE PUBLIC CRYPTOGRAPHY STUDY GROUP

Abstract

The true identity of Joaquín García Carmona, the famous Spanish cryptologist, author Treaty of Cryptography with Special Application to the Army, is revealed in this paper and biographical details are provided.     

A JOINT SIGNATURE ENCRYPTION AND ERROR CORRECTION PUBLIC-KEY CRYPTOSYSTEM BASED ON ALGEBRAIC CODING THEORY

A joint signature,encryption and error correction public-key cryptosystem is pre-sented based on an NP-completeness problem-the decoding problem of general linear codes inalgebraic coding theory,     

有限域上任意长度的DFT

有限域上的ＤＦＴ在数字信号处理，纠错码等领域都有重要应用。通常的有限域上ＤＦＴ仅限于长度与有限域特征互素的情形，它远远不能满足处理任意长度数据的需要。本文提出了有限域上任意长度的ＤＦＴ，研究了新变换的有关性质，并讨论了它在密码、编码中的应用。     

非退化相关免疫函数的构造与计数

本文给出了非退化一阶相关免疫函数的一个构造方法，得到了这类函数的一个新的下界，并且给出了阶数大于１的相关免疫函数非退化的一个充分条件及实例。     

2轮Trivium的多线性密码分析

作为欧洲流密码发展计划eSTREAM的7个最终获选算法之一,Trivium的安全性考察表明至今为止还没有出现有效的攻击算法。该文针对2轮Trivium,通过找出更多线性逼近方程,对其进行了多线性密码分析,提出了一种更有效的区分攻击算法。与现有的单线性密码分析算法相比,该算法攻击成功所需的数据量明显减少,即:若能找到n个线性近似方程,在达到相同攻击成功概率的前提下,多线性密码分析所需的数据量只有单线性密码分析的1/n。该研究结果表明,Trivium的设计还存在一定的缺陷,投入实用之前还需要实施进一步的安全性分析。